Secure pre-loaded drive management at kiosk

ABSTRACT

Methods, systems, and apparatus for digital content management and distribution are provided. In an example, a method of protecting digital content at a kiosk is provided. The method includes providing a plurality of memory devices, the plurality of memory devices having pre-loaded content thereon. A selection is received from a user. A memory device is selected from the plurality of pre-loaded memory devices that matches the selection from the user. A dock to which the memory device is to be coupled is determined. The memory device is protected with a unique key corresponding to the dock.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation-in-part application of U.S. patentapplication Ser. No. 13/075,674, filed on Mar. 30, 2011, and titled“SECURE KIOSK BASED DIGITAL CONTENT DELIVERY”, the disclosure of whichis hereby incorporated herein by reference.

BACKGROUND

Entertainment content publishers generally sell content on an individualbasis (e.g., one song at a time or a few movies at a time).Traditionally, this content is sold in a brick-and-mortar store, withthe content on a storage medium such as a CD or DVD. Recently, however,content publishers have begun to distribute content through onlinesources and some publishers have even created their own content deliverysystems. For example, some artists are now marketing music online andare airing television ads to publicize new album releases. These contentdelivery changes have been created out of a desire to control deliveryand distribution of content, including preventing unauthorized copying.

OVERVIEW

The present inventors have recognized, among other things, that the daysof prepackaged CD, DVD or Blue-ray disks are ending, while cloudcomputing, internet streaming, and on-demand content are growingrapidly. The existing cloud computing, internet streaming, and on-demandtechnologies, however, may not have sufficient bandwidth in the nearterm to satisfy growing consumer content desires. Additionally, many ofthese existing technologies are not secure, which results in easyunauthorized copying (e.g., ripping or burning) of the content usingunsophisticated software systems. Finally, a downside to these existingtechnologies is their reliance on a delivery system (e.g., the internet,cable TV, or satellite systems) that may soon go up in price due to thecost of deployment.

Bandwidth

New storage technologies represent the future for delivering massamounts of digital content. Soon the average consumer will have multipleterabytes of data in the home and many of these storage systems areconnected to computers, media centers, or home theater systems. Acontent delivery system that can keep up with the consumer's massiveappetite for large amounts of high-definition content is needed. Thereis, however, no conventional system that sends large catalogs of contentto a customer while using a secure delivery method. Moreover, there isno conventional system that sends large catalogs of content withoutusing the internet.

Security

Many content publishers have tried to secure content using digitalrights management (DRM) systems, but there is a limit to the amount ofdigital rights management a customer will live with. Some companiesdeveloped their own DRM systems, but limit customers only to anecosystem of devices and content delivery. Many customers are upset tofind that if they try moving all their content to another provider thefiles won't play. This closed system approach to content delivery is onethat will in the long run upset customers and hurt the industry.Customers want a way to choose their content, but they don't want tofeel like they are locked down. It is fair to say that DRM has a place,but customers are very leery if they feel choices have been limited.With new technology for encryption being used by the CIA and militaryit's now possible to secure content at the hardware level usingsophisticated new drive encryption technology. In addition, an effectivecontent delivery system can mitigate a person's need for stealingcontent, because they can access mass amounts of content for a monthlyfee, without having to purchase content. If you have access to it, youwon't need to steal it.

Content publishers have moved into the area of internet distribution ofcontent. Some publishers have even created their own content deliverysystems out of a need to control the delivery and security of theircontent. However, the only winners are website e-tailers and not thepublishers of the actual content. The e-tailers now have the controlover distribution and this has put the content publishers in a difficultsituation. Some companies have so much market share you either play bytheir rules or lose out on the market. The only way to ensure everyonewins is to create a new content delivery model, pricing structure, andnew level of content security. Hence the need for a revolutionary newapproach to delivering mass amounts of leased content. Content the userdoesn't necessarily own but has rights to use for a set period of time.

Music Piracy

The rise of the internet has led to the growing epidemic of contenttheft for all forms of digital media. The hardest hit has been the musicindustry because ripping a CD is easy and the internet provides a gooddelivery method. During the 90's it was reported that more than 40% ofthe music listened to by consumers 15-34 years of age was ripped orstolen from the web. This staggering statistic has almost turned theentire music industry upside down and the studios have been looking fornew ways to generate revenue. Some artists have recently denounced theinternet, and there is a growing trend of artists going againsttraditional delivery models and looking for new ways to generate revenueillustrates the growing problems in the market.

Movie Piracy

At the birth of the cable TV industry, the story had a happyending—industries collaborated to develop encryption standards and toset up a revenue-sharing model that now generates more than $40 billionin revenues yearly for the cable and satellite TV industries and hascreated more than $200 billion in business value for the cablecompanies, the content companies and the makers of TVs, satellitedishes, and switching equipment. Fast-forward 30 years and companies inthree industries—the content creators, the broadband providers, and thePC makers—have found themselves at a standstill as they try to deliverdigital video over broadband connections. This time, there is an addedelement of urgency: If they fail to act, illegal distribution willlikely ramp up to meet market demand, and bootlegged movies could hurtbox office and downstream revenues, much as file sharing took a bite outof CD sales. Video today stands where music did in 1998.

One might think it would be easy for the entertainment industry to cometogether to solve the piracy problem for movies. Unfortunately, thetrain has left the station and to change distribution paths by movingaway from the internet or silver disk may ultimately upset the customer.It's the fear of upsetting the customers that has prevented solutionsfrom coming to the forefront in the music industry and now the movieindustry.

Movie piracy started with pirates using camcorders to copy movies shownin a theater, a process known as bootlegging. These cam recordings wereput on the internet, usually after a film was released and wereavailable for download from anyone free of charge, although some privatesites charged money to access the free downloads. At one point asoftware program was released that allowed anyone to remove the CSSencryption on a DVD. Although its authors only intended the software beused for playback purposes, it also meant that one could decode thecontent perfectly for ripping; combined with the DivX Alpha codecreleased shortly after, the new codec increased video quality from nearVHS to almost DVD quality when encoding from a DVD source. Movie pirateswere the first to adopt this new technology and the mass consumer marketsoon followed. It seemed everyone you knew was ripping, stealing andsharing digital content. Many saw “ripping and burning” as a naturalevolution of society that was combined with the rise of the internet. Asthe demand grew for downloadable movies and music file sharing networksemerged to provide a central place for sharing illegally ripped content.From this point on the entertainment industry was never the same again.

After widespread panic from the studios in 2000 there was a crackdown oncontent theft and the movie industry was able to convince internetproviders that they were a big part of the problem. So together theystarted shutting down illegal download sites, and tracking down large“ripping” houses that were illegally distributing content online. Also,the studios developed advertising campaigns geared to make people feelbad for ripping and sharing. Even with the looming threat of legalramifications, jail time, and fines, content theft continues to runrampant in the free world of the internet.

Game Piracy

For 2009, the most pirated PC game had a staggering 4.1 milliondownloads via torrents alone compared with an estimated 200,000-300,000actual sales via retail and online. This demonstrates that the mostpopular game of 2009 was also the most pirated, and more importantly,that the actual number of downloads for the most popular game is nowalmost three times as high as in 2008, signaling the explosive growth ofpiracy. It is also interesting to note that while another game soldaround 300,000 copies on PC and had 4.1 million pirated downloads, theconsole version sold in excess of 6 million copies during the sameperiod, and yet had a fraction of the number of pirated downloads ataround 970,000. This illustrates that the PC is the most popularplatform for ripping games.

Game piracy is not being conducted on a small scale; it is clearlysubstantial. Pirated copies are easily and widely available; some gameseven up to a year old can have up to a hundred active torrents throughwhich someone can obtain the game. More popular/desirable games arepirated more heavily than less popular games. The entire top 10 piratedgames list doesn't contain any truly unpopular games, indeed some of themost popular good quality games of 2010 appear on the list. Similarlywhen searching torrents, research shows more popular games have far moreindividual torrent listings than less popular games. This clearlycontradicts the industries claims that “good games get pirated less”—wesee more and more evidence that good games get pirated more.

Finally, on the contentious topic of DRM, the presence of intrusive DRMappears not to increase piracy of a game. For example a number of gamesall have no intrusive DRM whatsoever. These games use basic SafeDisccopy protection with no install limits, no online activation, and nomajor reports of protection-related issues. Yet all were pirated heavilyenough to have the dubious distinction of being in the Top 10 downloadedgames list. But strangely absent from the list are several popular gameswhich do use more intrusive DRM. This indicates quite clearly thatintrusive DRM is not the main reason why some games are pirated moreheavily than others. It's very clear even with the industries bestefforts to secure gaming content, theft is still uncontrollable. Newsystems and ways of protecting digital content are needed before gamessuffer the same debilitating effects the music industry has seen withpiracy.

Reference Material Content

Reference material content can include but is not limited to medicalrecords, literature and other secure documents. Reference materialcontent is growing in volume (e.g., medical records) and poses a problemin that it is difficult to securely transport this large and valuableinformation. While reference material content does not necessarilyconsume the massive amount of storage space as entertainment content,for security issues it may not be desired to be on-line. Moreover, noteveryone has access to a broadband connection and some informationrepositories cannot be securely or legally linked (e.g., when twodifferent medical entities do not comply with the health informationportability and accountability act (HIPAA)).

Network security issues pose a huge problem for transporting medicalrecords. Unlike, for example, the banking industry whereby financialinstitutions can operate their own internal secure data networks andexternally perform secure wire transfers, there is a proliferation ofindependent medical providers that all need to share medical recorddata. Today's medical records are not just “charts”, they can includedigitized text, video, or other digital content information. Data filesmay be extremely large. HIPAA requirements prevent independentpractitioners from exchanging this information. Some of the systems,methods, and apparatus discussed herein provide means for this data tobe transported securely by the patient and not over the internet therebyeliminating the need for independent practitioners to be linked. Ifdesired, a higher level of security can be added through patientbiometric information.

The broadband internet provides virtually limitless access to a plethoraof information. There are limitations and issues, however, with thisaccess. By definition, you need to be on-line to access the information.Not only do many areas of the world not have reliable access, a largesegment of the population in areas that do, cannot afford to connect tothe web. In a teaching situation or with minors the on-line internet canprovide access to information that is undesirable or unaudited. Some ofthe systems, methods, and apparatuses described herein can serve uplarge amounts of reference information without the need to be on-line.This information can be loaded and controlled by the administrator. Itis also available any place at any time.

Some of the systems, methods, and apparatuses discussed herein affordfor securely transporting large amounts of sensitive data without usingthe internet. These systems, methods, and apparatuses can provide forboth sending and receiving authentication ensuring that material canonly be accessed at authorized sending and receiving locations.Biometric authentication is also available. Access to large amounts ofdata can be available any place and any time without the need forconnection to the web. Content can be managed and tracked through thesesystems, methods, and apparatuses both on-line and at a fulfillmentsystem.

Whether it's a movie, music or a PC game piracy affects the entiremulti-media marketplace. It's an issue that needs a solution and animmediate fix for the entertainment industry to survive. One way to fixthe problem is to look at the entire system of content delivery, usecutting edge new encryption technology and create a new content deliverymodel that in some examples doesn't touch the internet. More importantlywhatever system is created should take into consideration the customer.Some of the systems, methods, and apparatuses discussed herein provide away to give customers the feeling of unlimited content that is securedthrough hardware based encryption and hardware authentication. It's away to finally monetize the content delivery market with subscriptionrevenue, a system free from content theft and a system that opens uplarge content catalogs to consumers around the world. Some of thesystems, apparatuses and methods discussed herein achieve these goalswithout internet, without downloading, without streaming and with a lowcost for consumers.

BRIEF DESCRIPTION OF THE DRAWINGS

In the drawings, which are not necessarily drawn to scale, like numeralsmay describe similar components in different views. Like numerals havingdifferent letter suffixes may represent different instances of similarcomponents. The drawings illustrate generally, by way of example, butnot by way of limitation, various embodiments discussed in the presentdocument.

FIG. 1 illustrates generally an example of a system for digital contentdistribution and management.

FIG. 2 illustrates generally an example of a memory device of the systemof FIG. 1.

FIG. 3 illustrates generally an example block diagram of a dock, amemory device, and external devices.

FIG. 4 illustrates generally an example of a fulfillment system.

FIG. 5 illustrates generally an example of a method for digital contentdistribution and management.

FIG. 6 illustrates generally an example of a method for encrypting amemory device with a unique key.

FIG. 7 illustrates an example of loading content from one or morecontent databases onto a memory device.

FIG. 8 illustrates an example of a memory device with content thereoncoupled to a dock.

FIG. 9 illustrates generally another example of a system for managingand distributing content to a plurality of users.

DETAILED DESCRIPTION

The present inventors have recognized, among other things, apparatus,systems, and methods for securely delivering individualized, digitalcontent, in certain examples large quantities of content (e.g.,terabytes, etc.), to a plurality of users.

FIG. 1 illustrates generally an example of a system 100 for digitalcontent distribution and management. In some examples, the system 100can provide secure, individualized, digital content to a plurality ofusers 102. The digital content can be provided to a user 102 on a memorydevice 104. The user 102 can select one or more items of digital contentfor loading on the memory device 104, and the selected digital contentcan be loaded on the memory device 104 by, for example, a fulfillmentsystem 106. Once the digital content is loaded onto the memory device104, the memory device 104 can be physically sent to the user 102. In anexample, the memory device 104 can be physically sent to the user 102via a public or private mailing service or other means. Upon receivingthe memory device 104, the user 102 can couple the memory device 104 toa dock 108. The dock 108 can enable the user 102 to access the contentstored on the memory device 104. In an example, the user 102 canpurchase the dock 108, and can be provided access to digital content onone or more memory device 104 for a recurring fee (e.g., a monthly fee,etc.). In other examples, the user 102 can be provided access to thedock 108 and the digital content on one or more memory device 104 for arecurring fee.

Once the user 102 has accessed the content and completed use of thecontent and the memory device 104, the user 102 can physically send thememory device 104 back to the fulfillment system 106. The user 102 canalso select additional content to be sent to the user 102 on a futurememory device 104. The fulfillment system 106 can receive the returnedmemory device 104 and can reload the memory device 104 with content foranother user 102. Additionally, upon receiving the additional contentselections from the user 102 and, in some examples, upon receiving thememory device 104 back from the user 102, the fulfillment system 106 canload the same or another memory device 104 with the additional contentfor the user 102.

In an example, the memory device 104 and/or the content on the memorydevice 104 can be encrypted such that the content can be accessed by oneor more docks 108, but access to the content by other devices or personsis limited. In some examples, the encryption can be used to securelyassociate the memory device 104 and/or content to one or more specificdocks 108 such that the one or more specific docks 108 are the onlydocks 108 that can access the content on the memory device 104.Accordingly, in some examples, the content on the memory device 104 issecured from being accessed by people other than the users 102associated with a user account corresponding to the one or more specificdocks 108. In an example, a user account includes an account set up withthe fulfillment system 106 for access of content, the user accounthaving one or more users 102 associated therewith.

In some examples, this specifically associated encryption isaccomplished with a unique key. Notably, the memory device 104 and/orcontent can only be accessed by a device having a unique key, and theunique key can be incorporated into the one or more docks 108 to whichthe content and/or memory device 104 are securely associated. In anexample, the unique key is not used in docks 108 other than the one ormore docks 108 to which the content and/or memory device 104 aresecurely associated. Accordingly, the one or more docks 108 can be theonly docks 108 that have access to the unique key to decrypt thecontent/memory device 104.

For example, docks 108 can be manufactured such that each dock 108 has aunique key incorporated therein. In some examples, an individual dock108 can be the only dock 108 having a given unique key incorporatedtherein. In other examples, a unique key can be incorporated into asubset of docks 108 and this subset of docks 108 can have a restricteddistribution such that the subset of docks 108 are provided to, forexample, the same user account for the system 100. Accordingly, a givenunique key is used by, for example, a single user account only and thatunique key can be incorporated into the one or more docks 108 associatedwith (e.g., used by) the single user account. Moreover, in some examplesthe encryption of the memory device 104 can be hardware based encryptionwhich encrypts the entire memory device 104 as described in more detailbelow. Advantageously, the unique key can be used to make it moredifficult to make unauthorized copies (e.g., rips) of content on thememory device 104.

Additionally, in some examples the docks 108 can be secure devices. Forexample, a unique key incorporated in a dock 108 cannot be accessed fromthe dock 108 in an unauthorized manner. In certain examples, the dock108 has only one or more display output (e.g., HDMI output, DisplayPortoutput, or one or more other standard or high definition outputs),otherwise restricting access to the data on the memory device 104.

Accordingly, the system 100 can be used to widely distribute content toany number of users 102, while protecting the content from unauthorizedcopying. For example, each memory device 104 can be securely associatedwith one or more specific docks 108 as discussed above with a uniquekey. Accordingly, even if one of the unique keys were somehow cracked ordiscovered, the unique key would provide access only to content on thememory devices 104 associated with the cracked or discovered unique key.The content sent to other docks 108 on other memory devices 104 wouldremain secure. Moreover, content sent to a first user 102 on a memorydevice 104 for decryption by a first subset of one or more docks 108associated with the first user 102 cannot be accessed by a second user102 that has access to a second subset of one or more other docks 108,but does not have access to the first subset of one or more docks 108.Notably, the system 100 can also make the content difficult to copysince, in some examples, the content is not stored (other than temporarystorage during streaming) in any location other than on the memorydevice 104 in an encrypted form. The content is stored on the encryptedmemory device 104 and can be streamed from the memory device 104 toexternal devices for use.

Content for loading onto a memory device 104 can include any type ofdigital data. Example content includes movies, music, medicalinformation, business documents, reference material, software, videogames, textbooks, videos, lectures, manuals, medical records, productinformation, E-commerce site displays, etc.

FIG. 2 illustrates an example a memory device 104 for storing contentfor access by a dock 108. The memory device 104 can include a storagemedium 202, and an access system 204 for accessing data on the storagemedium 202. The memory device 104 can comprise a hard disk drive, solidstate drive, flash drive, CD, DVD, or other storage medium.

In some examples, the memory device 104 can be encrypted with full diskencryption such as in the Seagate DriveTrust™ system. Here, for example,the access system 204 can encrypt all data that is sent to the storagemedium 202 and can decrypt all data from the storage medium 202 toexternal devices (e.g., a dock 108). The access system 204 is the onlyauthorized means for accessing data on the storage medium 202, and theaccess system 204 can only allow access to the storage medium 202 if anexternal device has the correct key to unlock the memory device 104. Forexample, during boot up of the access system 204, the access system 204can authenticate with the external device by comparing a cryptographichash of a unique key with a unique key provided by the dock 108. If theunique key provided by the dock 108 matches the cryptographic hash, theauthentication is successful, the access system 204 provides access toonboard software and a storage medium 202 of the memory device 104. Ifthe unique key provided by the dock 108 does not match the cryptographichash, the authentication is not successful, the access system 204 failsto boot and the content on the storage medium 202 remains encrypted andinaccessible.

In some examples, the key used by the access system 204 to provideaccess to the storage medium can comprise a unique key as describedabove. For example, the content in the storage medium 202 can beencrypted with a first key. In an example, the memory device 104comprises a Seagate Momentus™ 7200 full disk encryption (FDE) with FIPS140-2 Encryption.

FIG. 3 illustrates generally a block diagram of an example contentmanagement system 300 including a dock 108 and a memory device 104. Asdescribed above, the memory device 104 can be received in a mailingsleeve 302 and can be coupled with the dock 108 via a port 304. In anexample, the port 304 can include a serial ATA (SATA) port and the port304 can support hot-swapping of memory devices 104. The dock 108includes hardware 306 for accessing the content on the memory device 104and for passing the content to an external device 307 (e.g., a monitor,TV, computer, wireless phone). The hardware 306 can include a processingdevice coupled to a memory having software 308 stored thereon forexecution by the processing device. The software 308 can cause theprocessing device to implement an operating system 310 to controloperation of the dock 108 and interaction with a user 108. The operatingsystem 310 can control access of content from the memory device 104, aswell as the sending and/or receiving of content from external devices307. The dock 108 can include a power port 312 for receiving operatingpower from, for example, a line AC power source. The hardware 306 canalso include a graphics card for rendering videos and/or images on anassociated external device 307 (e.g., a display device such as a TV).

In some examples, the dock 108 includes ports for communicative couplingof external devices 307. These ports can include a HDMI, USB, Ethernet,IR, VGA. In some examples, the dock 108 can also communicate withexternal devices 307 wirelessly. For example, the dock 108 can useBluetooth, IEEE 802.11, or other wireless communication techniques.

As mentioned above, in some examples, the dock 108 has a unique keystored therein. The dock 108 can also include a tamperproof case 313 toprevent someone from tampering with the dock 108 in an attempt to accessthe unique key. The tamperproof case 313 can substantially surround thehardware 306 or can substantially surround specific hardware componentsin order access the unique key. In an example, the unique key can berendered un-obtainable (e.g., destroyed, erased) when the tamperproofcase is breached. The tamperproof case 313 can include any type oftamperproof case, such as an electro-mechanical or an electro-opticaltamperproof case.

In some examples, the dock 108 can receive communications from a one-wayremote 312. The one-way remote 312 can receive input from a user 102 andprovide commands to the dock 18 to, for example, control which contentis accessed from the memory device 104 and provided to external devices307. In some examples, the dock 108 can also send and receivecommunications with a two-way remote 314. The two-way remote 314 inaddition to receiving input from user 102 can receive information fromthe dock 108 in order to, for example, provide information to the user102 (e.g., in a built-in display). In an example, the one-way remote 312or two-way remote 314 can have standard remote keys on one side and akeyboard (e.g., QWERTY keyboard) on the opposite side. Here, the remotecontrol 312, 314 can include a gyroscope or other sensor to determine anorientation of the remote control 312, 314. The gyroscope can include asingle axis gyroscope and a multi-axis gyroscope. When the side of theremote control 312, 314 with the standard remote keys is upwards, thatside with the standard remote keys is enabled and the keyboard side isdisabled. Likewise, when the keyboard side is upwards the keyboard isenabled and the standard remote keys are disabled. In an example, whichside of the remote is enable is user selectable (e.g., with one or morekeys on the remote). Accordingly, the remote control 312, 314 canprovide both standard remote functions and a keyboard for providingcommands and information to the dock 108.

In some examples, the dock 108 can stream content from the memory device104 to external devices 307. In an example, the content is streamedwirelessly (e.g., using IEEE 802.11) to local external devices 307. Inan example, the dock 108 uses its unique key to access the content onthe memory device 104, and provides the content to the external device307 such that the external device 307 does not need the unique key. Thestream between the dock 108 and the external device 307, however, canstill be encrypted (e.g., using a shared key encryption).

In an example, the dock 108 can limit the speed (e.g., amount of dataper time) of the stream that is provided to one or more external devices307. In an example, the speed limit can be based on a speed that thedata is to be provided to a user 102. For example, some items of content(e.g., a movie, song) are to be displayed, produced, or otherwiseprovided in a sequence over a certain time interval. In thesesituations, the speed can be limited to at or near the speed at whichthe data is to be provided to a user 102. For example, contentcorresponding to a movie could be provided to the external device 307 ator near the speed that the content is to be rendered on a display at theexternal device 307. Accordingly, even if the external device 307 couldsupport higher speeds of data transfer, the data transfer speed could belimited. Limiting the speed of streaming can reduce the likelihood ofthe content being used in an unauthorized manner, because even ifsomeone identified a way to make unauthorized copies of the stream, theywould be limited to copying the data at a slower speed. Accordingly, theappeal of copying the stream may be lessened since it would take longperiods of time to copy large amounts of data.

Moreover, in some examples, a stream sent from the dock 108 can beprovided in a secure form. For example, a stream sent over a wirelesslink can be encrypted using a shared key. Additionally, a stream sentover a high definition link (e.g., HDMI) can be encrypted using highbandwidth digital content protection (HDCP). In an example, all of thestream(s) sent from the dock 108 are sent in a secure form. Accordingly,in an example, the dock 108 can output content to external devices 307via one or more display outputs only (e.g., HDMI), and the content canbe encrypted using HDCP. Moreover, in an example, the content can onlybe sent to external devices through one or more display outputs and thedata speed is limited as described above.

In an example, the dock 108 can include a web-server such that theexternal devices 307 can communicate with the web-server to controlaccess to the content on the memory device 104. Accordingly, the dock108 can be web-enabled and the external devices 307 can have aninterface to access a catalog of the content on the memory device 104.The dock 108 can then accept transactions (e.g., requests) from theexternal device 307 and stream the selected content to the externaldevice 307. Additionally, the external device 307 can also performaccount management (e.g., selection of new content, user profilechanges, subscription changes, etc.) through the dock 108. For example,the external device 307 can send information regarding accountmanagement to the dock 108 and the dock 108 can store the information onthe memory device 104, such that that when the memory device 104 isreturned, the account management information is received and action istaken by the fulfillment system 106 accordingly. In another example, thedock 108 can have access to the internet (e.g., through a phone line orhigh speed connection) and the external device 307 can access theaccount of the user 102 online using the internet connection of the dock108. The external device 307 can then update the account managementdirectly through the dock 108. In yet another example, the dock 108 canact as a wireless access point where the external device 307 can connectto the internet for general surfing through the dock 108 using thedock's 108 connection to the internet. In other examples, the connectionto the internet through the dock 108 can be limited, for example, bylimiting the connection to account management and other dock 108 relatedactivities.

In one example, a first external device 307 (e.g., a computer coupled tothe dock 108 wirelessly) can send content selections to the dock 108,such that the dock 108 can send the content corresponding to the contentselections to a second external device 307 (e.g., a TV connected to thedock 108 with a HDMI cable). Accordingly, the first external device 307can select, for example, a movie from a catalog displayed on the firstexternal device 307. The dock 108 can receive the selection and send theselected movie to the second external device 307 for display thereon. Inan example, an external device 307 can include a multi-touch device.

In some examples, the dock 108 is a standalone device that is, forexample, configured to be placed in an entertainment center near a TV.In other examples, the dock 108 is configured to be embedded into otherdevices (e.g., a vehicle, computer, cell phone). Here, the memory device104 can be coupled with the dock 108 and the dock 108 can provide thecontent to the other device and/or an output device (e.g., display,speaker) on the other device. For example, the dock 108 can beconfigured to be embedded into a digital movie projector for projectionin a theatre. Accordingly, the producers of movies can send memorydevices 104 having a movie thereon and the memory device 104 can beprotected using a unique key corresponding to one or more docks 108 inone or more specific digital projectors. In other examples, the dock 108can be embedded into a display device (e.g., a monitor or TV).Accordingly, a dock 108 could be located external to a device and havethe port 304 accessible on an external portion of the device.Accordingly, a user 102 can couple a memory device 104 to the port 304on, for example, display device and the embedded dock 108 can access thecontent on the memory device 104 and provide the content to the displaydevice for display thereon.

In an example, the dock 108 includes a TV tuner coupled to, for example,a coaxial input for receiving broadcast TV signals and providing thosesignals to an external device. The dock 108 can, therefore, receivebroadcast TV signals (e.g., from an antenna) and tune the signals usingthe TV tuner and provide the TV signals to an external device.

FIG. 4 illustrates generally an example of a fulfillment system 106 forloading content onto a memory device 104. The fulfillment system 106includes one or more storage area networks (SANs) 402, a fiber networkinfrastructure 404, an enterprise key management system 406, one or morefulfillment servers 408, a fulfillment control database 410, one or moremanagement workstations 412, and one or more drive cabinets 414 forcoupling to memory devices 104.

In an example, a storage area network (SAN) 402 comprises a multiplecontroller implementation optimized to maximize read speeds of largefiles. Content can be spread as wide as a possible across all arrays ofthe SANs 402 in order to facilitate maximum spindle throughput. In anexample, the SANs 402 can be natively coupled to a fiber network.

The one or more fulfillment servers 408 can be coupled to one or morecabinets 414. The one or more cabinets 414 can be configured to coupleto and house one or more memory devices 104. A fulfillment server 408can have a multi-threaded application installed that manages the loadingof memory devices 104 and maintains content selection processingworkflow. The application can communicate with the fulfillment controldatabase 410 which implements a queue containing a list of memorydevices 104 that are authorized for being prepared. The application onthe fulfillment server 408 can search for an available (e.g., empty)slot in a cabinet 414. When an available slot is identified, theapplication can access a list of content that is authorized to be loadedonto a memory device 104 from the queue on the fulfillment controldatabase 410. The fulfillment server 408 can then begin copying contentfrom the SANs 402 to the memory device 104.

In an example, an operator of the fulfillment system 106 can, on ascheduled basis, initiate a request to forecast the most used items ofcontent in the next schedule period. The forecast can create a list ofcontent that can be used to pre-load one or more memory devices 104 atone or more fulfillment servers 408. The forecast can be based on ahistory of previously selected and/or accessed content. The pre-loadedmemory devices 104 at a fulfillment server 408 can be used to cache theforecasted items of content locally to limit the most frequent redundantutilization of the fiber network infrastructure 404. Accordingly, bystoring some (e.g., commonly used) items of content locally at afulfillment server 408, the items can be loaded onto a memory device 104from, for example, another memory device 104 and does not need to usebandwidth of the fiber network infrastructure 404 to download the itemsfrom the SANs 402 each time they are used to load a memory device 104.In an example, the management workstations 412 can access thefulfillment control database 410 to view status, errors, maintenance ofthe fulfillment servers 408. The management workstations 412 can alsoprovide content selection queue override functionality and systemanalytics and reporting. In some examples, the fulfillment system 106can be automated by conveyors, robotics, and other automation systems.

In an example, the content can be stored on the SANs 402 in an encryptedform. For example, an item of content can be stored encrypted with ashared key. Moreover, different items of content can be encrypted withdifferent shared keys. In an example, a shared key is a key that isprovided to a plurality of different users 102 of different useraccounts and/or provided to a plurality of docks 108 associated withdifferent user accounts. Accordingly, a single shared key can be used toencrypt an item of content and this encrypted item of content can beprovided to multiple different docks 108 associated with multipledifferent user accounts where each user account can have access to theshared key and can used the shared key to decrypt the encrypted item ofcontent. Accordingly, the items of content can be loaded onto the memorydevices 104 as encrypted items without having to encrypt the items inreal-time before loading on the memory device. Since the items areencrypted with shared keys, an item of content encrypted with a givenshared key can be loaded onto multiple memory devices 104 and sent tomultiple different users 102 and docks 108. Each user 102 and dock 108can access the item of content by being provided with the shared keycorresponding to the item of content.

The SANs 402 can also store the shared keys associated with each item ofcontent such that the shared keys can be provided to fulfillment server408 for storing onto the memory device 104. In an example, this sharedkey encryption of the items of content can be in addition to the uniquekey protection of the memory device 104. Accordingly, a memory device104 can be loaded with content, wherein the content itself encryptedusing shared keys and different items of the content are encrypted withdifferent shared keys. Moreover, once the content has been loaded on thememory device 104, the memory device 104 can be encrypted using ahardware based encryption as described above with a unique keycorresponding to one or more docks 108.

FIG. 5 illustrates generally an example method 500 for digital contentmanagement and distribution. Method 500 can provide a means to securelyprovide content to a plurality of users 104.

At block 502, a user 102 can select content for loading onto a memorydevice 104. In an example, the content can include movies, music, andvideo games in which the user 102 is provided access to for a fee.Accordingly, in some examples, the content is stored in one or morecentral locations having a fulfillment system 106 that can load thecontent onto one or more memory devices 104 and provide the content tothe user 102. The user 102 can select the content using any suitablemeans to get the selection information to the fulfillment system 106.For example, the user 102 can make the selections on a webpage, over thephone, or by mail. In some examples, the selections can be stored on apreviously used and returned memory device 104, such that when thememory device 104 is returned to the fulfillment system 106, thefulfillment system 106 can extract the selection information from thememory device 104.

In an example, the user 102 can access a webpage to select contenttherefrom. The webpage can include lists of content organized in anappealing manner. In addition, some content can include an interactive“person” to discuss the content in order to provide information to theuser 102 to aid in their selection. For example, if the user 102 isselecting music, a virtual representation of the artist that producedthe music can appear on the webpage and discuss their music.

At block 504, once the fulfillment system 106 receives the selectioninformation from the user 102, the fulfillment system 106 loads one ormore memory devices 104 with the selected content. In an example, amemory device 104 comprises a large amount of space for storing contentsuch that multiple items of content can be stored on a single memorydevice 104. Accordingly, multiple different items individually selectedby a user 102 can be stored on a memory device 104.

In an example, the content loaded onto the memory device 104 isencrypted. In an example, the content is encrypted with a shared key anddifferent items of content can be encrypted with different shared keys.Accordingly, the content can be stored in a database (e.g., on SANs 402of the fulfillment system 106) in an encrypted form and loaded on thememory device 104 in the encrypted form. In some examples, the key orkeys corresponding to the content loaded onto the memory device 104 canalso be loaded on the memory device 104. This key or keys can beencrypted with another key. Advantageously, if different items ofcontent on the memory device 104 are encrypted with different keys, evenif someone were to gain improper access to the memory device 104, aseparate key would have to be cracked to gain access for eachdifferently encrypted item of content. Moreover, in some examples asingle item of content can be divided into sections with each sectionencrypted using a different key.

Once the fulfillment system 106 is authorized to prepare a memory device104 with content for a user 102 (e.g., by receiving a returned memorydevice 104 from the user 102), the fulfillment system 106 can select amemory device 104 to prepare with content for the user 102. Additionaldetail regarding authorization to prepare a memory device 104 isprovided with respect to block 516 below.

First, the fulfillment system 106 can match a user 102 with content forthe user 102. The content for the user 102 can be content selected bythe user 102 and/or extra content 708 added by the fulfillment system106. The fulfillment system 106 can record user selections as they arereceived (e.g., from returned memory devices 104, internet selections,etc.) and when the fulfillment system 106 is authorized to prepare amemory device 104 for the user 102, the fulfillment system 106 can loada memory device 104 with content based on the user selections. Toprepare a memory device 104 for a user 102, the fulfillment system 106can select a memory device 104 to be prepared. In an example, thefulfillment system 106 can select an open memory device 104 and loadcontent thereon corresponding to the user 102.

In some examples, the fulfillment system 106 can preload memory device104 with content, such that the content can be loaded onto a memorydevice 104 prior to receiving authorization to prepare a memory device104 with content for the user 102. Advantageously, pre-loading a memorydevice 104 can reduce the time require to prepare a memory device 104for shipping. In an example, memory devices 104 can be pre-loaded withpopular content such as content corresponding to a particular category(e.g., songs by a particular artist). Accordingly, if the user 102selects content that matches content on a pre-loaded memory device 104,the fulfillment system 106 can select a memory device 104 having thepre-loaded content thereon for preparing for a user 102. If the userselections do not match content that is pre-loaded onto a memory device104, an open memory device 104 can be selected for preparation. In someexamples, the user selections can be received by the fulfillment system106 prior to authorization of preparing a memory device 104 for the user102. For example, the user 102 can select content for adding to a memorydevice 104 via a webpage, but authorization may wait until a memorydevice 104 is returned from the user 102. Here, the fulfillment system106 can pre-load a memory device 104 with content based on the usersselections. Accordingly, when authorization is received to prepare thememory device 104, all or a portion of the content for the user 102 mayalready be loaded onto the memory device 104. If the fulfillment system106 is able to utilize a pre-loaded memory device 104, the fulfillmentsystem 106 can, if space is available on the memory device 104 addadditional content to the pre-loaded content.

Once a memory device 104 is loaded with content for a user 102, thefulfillment system 106 can encrypt the memory device 104 for decryptingby one or more docks 108 associated with the user 102. In an example,the one or more docks 108 have a unique key associated therewith and thefulfillment system 106 can provide the memory device 104 with the uniquekey corresponding to the one or more docks 108 such that memory device104 can secure the content using the unique key as described above. Inan example, the unique key is linked to the user 102 by a databasestored at the fulfillment system 106. In an example, the docks 108 aremanufactured with a unique key therein, and the unique key is not, (ornot easily) accessible once manufacture of the dock 108 is complete.Each dock 108 can have a dock code (e.g., a serial number) and thefulfillment system 106 can maintain a database of each manufactured dock108 and link between the dock code and the unique key associated withthe dock 108. Accordingly, when a user 102 obtains a dock 108, the user102 can notify the fulfillment system 106 of the dock code for the dock108 obtained (e.g., through a registration process). The fulfillmentsystem 106 can then store the link between the user 102 and the dock108/unique key. Accordingly, when preparing a memory device 104 for auser 102, the fulfillment system 106 can provide the memory device 104with the unique key corresponding to the dock 108 of the user 102 forsecuring the memory device 104 with the unique key.

In an example, the user 102 can obtain multiple docks 108, for example,to have docks 108 in multiple locations throughout a place of residence,or in multiple different residences. In an example, each of the docks108 obtained by the user 102 can have the same unique key associatedtherewith. Accordingly, a memory device 104 protected with the uniquekey can be accessed by each of the docks 108 having that unique key.Since the unique key for a dock 108 is unknown to the user 102 and theunique key for a dock 108 cannot be modified (or easily modified) oncethe dock 108 has been manufactured, the user 102 should ensure that eachof the multiple docks 108 obtained has the same unique key. This can beensured by obtaining all docks 108 from a single source where themultiple docks 108 were manufactured as a set, or this can be ensured byrequesting one or more docks 108 be manufactured with a unique keymatching the unique key associated with the dock code of a dock 108already obtained by the user 102.

At block 506, once a memory device 104 is prepared with content for aspecific user 102 and protected with a unique key corresponding to oneor more docks 108 of the specific user 102, the memory device 104 can bephysically delivered to a user 104. As mentioned above, this physicaldelivery can occur via any type of delivery such as public mail, privateservice, user pickup, etc.

At block 508, the user 102 can receive the memory device 104 and couplethe memory device 104 to a dock 108. In some examples, the dock 108 caninclude a slot that can accept the memory device 104 therein. Here, thememory device 104 can be coupled to the dock 108 by inserting the memorydevice 104 into the slot and having a port on the memory device 104contact a port on the dock 108.

As mentioned above, the dock 108 can have a unique key associatedtherewith and the memory device 104 can be protected with a unique key.When the memory device 104 is coupled to the dock 108, the dock 108 canprovide the unique key to the memory device 104 in an attempt to accessthe content on the memory device 104. If the unique key of the dock 108matches the unique key (or a cryptographic hash of the unique key) ofthe memory device 104, the memory device 104 can be unlocked such thatthe dock 108 can access the content on the memory device 104.

As mentioned above, in some examples in addition to the unique keyencryption of the memory device 104, items of content on the memorydevice 104 can individually encrypted. In an example, upon unlocking theunique key, the dock 108 can decrypt the encrypted shared keyscorresponding to the items of content on the memory device 104.Accordingly, the dock 108 can decrypt the items of content on the memorydevice 104 with the shared keys as the items of content are accessed bya user 102.

At block 510, the user 102 can access content on the memory device 104.As the content is accessed, the dock 108 can provide the content to anexternal device 307 for use by the user 102. In some examples, the dock108 can record user information as the content is accessed. The userinformation can include information regarding which content was accessedby a user 102. The recorded information can be stored on the memorydevice 104.

In some examples, the user 102 is able to purchase content topermanently own. The user 102 can provide a command to the dock 108 and(e.g., when payment has been verified), the dock 108 can provide anunencrypted form of the content to an external device 307 for storagethereon.

In an example, some content on the memory device 104 can be accessedprior to stop time, after which the dock 108 will not allow the contentto be accessed. For example, the fulfillment system 106 can include atime stamp regarding the time (e.g., date, hour, minutes, etc.) that thememory device 104 was prepared (or finished being prepared) for the user102, or the time the memory device 104 is to be sent to the user 102.The dock 108 can have a clock and can determine the amount of time sincethe memory device 104 was sent to the user 102. A stop time for thecontent can be determined based on a threshold length of time since thetime stamp, the dock 108 can restrict access to the content on thememory device 104. The user 102 can then call in or otherwise contact acustomer representative to extend/reset the stop time of allowableaccess for the memory device 102. Advantageously, restricting access tothe content to prior to a stop time can encourage users 102 to returnthe memory devices 104 to the fulfillment system 106 for differentmemory devices 104. Additionally, restricting access can reduce thelikelihood of a user 102 pretending to have a lost memory device 104with the intent of accessing the content on the memory device 104 for along period of time.

Furthermore, in some examples, some content on the memory device 104 canbe loaded onto the memory device 104 and provided to a user 102, but thecontent is restricted from access until a certain time (referred toherein as an (“access time”). For example, for a release of a movie, themovie can be loaded onto a memory device 104 and provided to a user 102prior to the release time, but the dock 108 does not provide the contentto external devices 307 prior to the release time. Accordingly, contentcan be provided to users 102 prior to an access time and the content canbe accessed by the users 102 on or after the access time.

In an example, the dock 108 can be remotely disabled. Accordingly,customer service or another entity can send a command to the dock 108 toinstruct the dock 108 not to access content from any memory devices 104.This command can be sent over, for example, a phone line or through theinternet to the dock 108.

At block 512, the user 102 can select additional content for receivingon a future memory device 104. In examples where the dock 108 has acommunicative connection to the fulfillment server 400 (e.g., through aninternet or phone connection), the dock 108 can provide the userselections to the fulfillment server 400 through this connection. Inother examples, the dock 108 can store the user selections on the memorydevice 104 such that the fulfillment system 106 can receive the userselections when the memory device 104 is returned.

At block 514, the user 102 can return the memory device 104 to thefulfillment system 106. Once the user 102 has accessed all desiredcontent on the memory device 104 and/or the user 102 would like to haveanother memory device 104 of new content, the user 102 can de-couple thememory device 104 from the dock 108 and physically return (e.g., mail)the memory device 104 to the fulfillment system 106. Notably, when thememory device 104 is encrypted with the unique key, de-coupling thememory device 104 from the dock 108 returns back to a locked state suchthat the content thereon cannot be accessed without the unique key.

At block 516, the fulfillment system 106 can receive the returned memorydevice 104 and, for example, authorize another memory device 104 to beprepared for the user 102. In some examples, the user 102 can beauthorized access to the content with a subscription where the user 102,for example, pays a monthly fee. Additionally, the subscription canauthorize the user 102 to have a certain number of memory devices 104out from the fulfillment system 106 at a time. For example, asubscription can authorize a user 102 to have two memory devices 104 outat a time. Accordingly, when the user 102 has two memory devices 104out, the fulfillment system 106 can authorize another memory device 104to be prepared when one of the two memory devices 104 currently out arereceived at the fulfillment system 106. In other examples, theauthorization to prepare a memory device 104 can be based on a new orupdated order/subscription service placed by the user 102 or otherschemes.

When the fulfillment system 106 receives a returned memory device 104,the fulfillment system 106 can match the returned memory device 104 witha user 102. In an example, the fulfillment system 106 can have a recordmatching a memory device 104 (e.g., by an external bar code or RFIDchip) with a user 102. Accordingly, upon receiving a memory device 104,the fulfillment system 106 can determine a user 102 corresponding to thememory device 104. The fulfillment system 106 can then authorize anothermemory device 104 to be prepared for the user 104 if appropriate.Additionally, as mentioned above, in some examples, the memory device104 is protected with a unique key that is linked with one or more docks108 corresponding to the user 102. The fulfillment system 106 can alsokeep a record matching each user 102 to one or more unique keys.Accordingly, upon receiving a memory device 104, the fulfillment system106 can match the memory device 104 to a unique key by matching thememory device 104 to a user 102 (e.g., a user account) and the user 102to a unique key. The fulfillment system 106 can then access the memorydevice 104 to determine if there is any user information on the memorydevice 104. User information can include selections for future content,information regarding which content the user 102 accessed, userpreference information (e.g., likes, dislikes, categories or tags ofinterest), product purchases, payment information, and otherinformation. The fulfillment system 106 can then use the userinformation when preparing another memory device 104 for the user 102.

After accessing the user information on the memory device 104, thefulfillment system 106 can mark the memory device 104 as open forpreparing for a user 102. To open the memory device 104, the fulfillmentsystem 106 can remove, erase, or otherwise discard the unique key foruse with the memory device 104. The fulfillment system 106 is then freeto prepare the memory device 104 for another user as described abovewith respect to block 504.

In an example, advertising content can be added to the memory device104. In some examples, the advertising content can be based on thecontent selections or the content that is accessed by the user 102similar to that described with respect to the extra content 708 at block504. In some examples, the advertising content can be content selectedby the user 102. For example, the user 102 can choose advertisingcontent from a certain brand, a certain category (e.g., sporting goods),or of a certain type (e.g., comedy). FIG. 7 illustrates an example ofadvertising content 710 added to a memory device 104 from an advertisingcontent database 704. As shown, the advertising content 710 can be addedto the memory device 104 in addition to the user selected content 706and the extra content 708 from the content database 702.

In some examples, product information (e.g., including services) forpurchase or rent by the user 102 can be loaded onto the memory device104. This product information can include information corresponding toone or more particular brands, manufacturers, or retailers. In anexample, the product information can be accompanied by an E-commercesite display such that the product information can be displayed for theuser in a format similar to that shown on a webpage listing theproduct(s). The user can then select a product for purchase and theproduct selection (purchase) information as well as payment information(e.g., credit card information) can be stored on the memory device 104.When the memory device 104 is returned to fulfillment system 106, theproduct selection information and payment information can be retrievedfrom the memory device 104 and forwarded to the appropriate retailer orvendor for purchase of the item. Accordingly, products can be securelypurchased using the dock 108 and the memory device 104. Once coupled tothe fulfillment system 106, the memory device 104 can have a productcatalog stored thereon updated before being returned to the user 102.

In some examples, the user 102 may be required to access (e.g., view,read) a certain amount of advertising content based on a subscriptionfee paid for access to content. For example, there may be three levelsof subscription service available. A lowest price subscription mayrequire a relatively large amount of advertising content to be accessed.A medium price subscription may require a smaller amount of advertisingcontent to be accessed. A highest price subscription may not require anyadvertising content be accessed. In some examples, the amount ofadvertising that is required can depend on the type (e.g., category) ofadvertising that is selected for access by the user 102. The dock 108can record the advertising content accessed by the user 108 as userinformation mentioned above with respect to block 510. The amount of andwhich advertising content was accessed can then be provided to thefulfillment server 400 which can, in turn, determine whether the user102 has accessed the required amount of advertising content per theirsubscription. In some examples, the authorization of another memorydevice 104 can be based on whether the user 102 has accessed therequired amount of advertising content.

In some examples, the advertising content can be accessed by the user102 specifically selecting the content for access from the memory device104. In other examples, the dock 108 can automatically include theadvertising content with the content being accessed by the user 102. Forexample, the dock 108 can add commercials to movies viewed by the user102 similar to regular TV viewing. The dock 108 could also addadvertising to printed content similar to advertising on a webpage. Inan example, the user 102 can select whether to have automaticadvertising ON or OFF when accessing content.

In some examples, the content on the memory device 104 can beinteractive such that a user 102 can select a portion of the content andthe user 102 can be sent to advertising content corresponding to theportion of the content selected. For example, a movie on the memorydevice 104 can be playing on an external device 307 communicativelycoupled to the dock 108. When an item (e.g., a purse) in the movie isshown, a user 102 can “click” on or otherwise select the item in themovie. The movie can then pause, and advertising content related to thepurse can be shown instead of or in addition to the movie. Theadvertising content can comprise content stored on the memory device104, and/or a webpage on the internet.

FIG. 6 illustrates an example of a method for encrypting a memory device104 with a unique key. As mentioned above, the memory devices 104 can beprotected with a unique key corresponding to one or more docks 108. Thekey management system 406 can comprise a database that associates a user102 and or one or more docks 108 with a unique key. Accordingly, uponloading a memory device 104 with content 602, the fulfillment server 408can receive a unique key from the key management system 406corresponding to a user 102 to which the content 602 on the memorydevice 104 is associated and provide the unique key to the memory device104. When loading a memory device 104 is completed, the memory device104 can be protected using the unique key by encrypting anotherencryption key using the unique key. The memory device 104 can then beejected and de-coupled from the slot of the cabinet 414, where ashipping label is printed and attached thereto.

Accordingly, the key management system 406 can include a plurality ofunique keys, wherein each unique key is associated with one or moredocks 108 having a matching copy of the unique key. Each dock 108 canthen be linked to a user 102 (e.g., a user account) associated with thedock 108, and each user 102 can be linked to content 602 to be loadedonto a memory device 104. Accordingly, the key management system 406 canbe used to link content 602 on a memory device 104 to a specific uniquekey for protecting the memory device 104 that stores the content 602 fora user 102, such that the user 102 can couple the memory device 104 to adock 108 associated with the user 102 and access the content 602 on thememory device 104 using the unique key.

FIG. 7 illustrates an example of loading content from one or morecontent databases 702, 704 onto a memory device 104. As shown, the userselected content 706 corresponding to the selection information for useris loaded onto the memory device from the content database 702. In anexample, the memory device 104 is loaded with extra content 708 that wasnot specifically selected by the user 102. This extra content 708 can,for example, be selected by the fulfillment system 106 from the contentdatabase 702. Advantageously, lesser known content or content that is tobe encouraged can be added to the memory device 104. For example,certain lesser known content can be added to memory devices 104 in orderto, hopefully, be accessed by users 102 and therefore increase theaudience base for the content. The users 102 may become interested inthe content and desire more content from the producer/artist. Thus, thelesser known content can develop a consumer base using the systems,methods, and apparatuses discussed herein. In exchange for generating aconsumer base for the content, the producer/artist for the lesser knowncontent can pay a fee to a service provider operating the fulfillmentsystem. In other examples, the service provider can launch their owncontent by adding the content to the drives. In some examples, thecontent added to the memory device 104 can be well known content and canbe encouraged due to, for example, advertising in the content.

In some examples, the extra content 708 can be selected by thefulfillment system 106 based on user information. For example, thefulfillment system 106 can select content that is similar to or relatedin some manner to the content selected by the user 102. In someexamples, the user 102 can request that extra content 708 selected bythe fulfillment system 106 be added to the memory device 104. Contentcan be tagged with information and the tags on the content selected bythe user 102 can be used to select other similar information. In someexamples, a selection history of the user 102 can be maintained, theselection history comprising information of multiple user selectionsover a period of time. The extra content 708 can be based on theselection history. In some examples, the extra content 708 can beselected based on content that the user 102 has previously received,such that the user 102 does not receive repeat content, or does notreceive the same content within a given time period. In some examples,an access history comprising a history of the content accessed by theuser 102 can be maintained. The access history can be used to selectextra content 708 in a manner similar to that described above withrespect to the selection history. For example, extra content 708 can beselected such that content that has already been accessed by the user102 is not re-provided to the user 102. In another example, the extracontent 708 can be selected based on which content was and was notaccessed by the user 102.

The type of tags used for the content is not limited to any specifictype of tag. For example, movies can be tagged, by year, actor, category(e.g., action), or even customized tags such as movies with specificscenes, locations, etc. In some examples, the tags for movies can beobtained from already populated tag database, e.g., from IMDB, themotion picture industry, or other databases. In some examples, a user102 after accessing content can select attributes (e.g., tags) of thecontent that the user 102 liked so that the fulfillment system can usethe attributes of the content in selecting extra content 708 for theuser 102. Furthermore, in some examples, the attributes can be ranked bythe user. In yet other examples, the dock 108 can prompt a user 102 torespond regarding whether (or how much) the user 102 liked or did notlike the content.

In some examples, after accessing content the dock 108 can prompt a user102 with suggested content and ask whether the user 102 would like toaccess the suggested content. The suggested content can be linked to theuser 102 by tags from the user's previous selections as mentioned above,and/or based on tags from the content that was just accessed. In someexamples, the suggested content can be extra content 708 that is on thememory device 104. In some examples, the suggested content can becontent not present on the memory device 104, but the suggested contentif selected by the user 102 can be added to the user's selected contentsuch that the content will be loaded on a future memory device 104 forthe user 102.

In some examples, the tags for content can be both hierarchical andnon-hierarchical. For example, content can be linked through tags toother content in hierarchical system such that the a first subsection ofcontent can be grouped together under a first heading (e.g., a categorysuch as action) and the first subsection can be further divided intoadditional subsection that are each under headings more granulated thanthe first heading. In addition to these hierarchical groupings, contentcan be linked tangentially by relationships that are non-hierarchicalwhich comprise a single level. In some examples, portions of the contentcan be tagged. Accordingly, one or more specific portions of, forexample, a movie can be linked using the tags as mentioned above.

In some examples, the user 102 can provide a search command to searchfor content on a memory device 104 coupled to a dock 108 using the tagsand/or other identifying data. The search command can be received by thedock 108 which can identify content based on the search command andprovide the content, a portion thereof, or a list thereof to the user102. In some examples, the search command can be received through voicerecognition of a spoken command from the user 102. The user 102 canprovide a voice search command to an external device 102, the voicesearch command can be converted into text and the content and/or tagscan be searched based on the search command. In an example, when thecontent includes movies, the search commands can search data regardingclosed captioning for the movies. Thus, a movie can be identified andlinked to a specific portion or time in the movie corresponding to thesearch command. In order to reduce the processing required to convertthe voice signal into text, a voice command received can be comparedagainst a limited library voice signals corresponding to the content onthe memory device 104. Accordingly, it will be determined whether avoice signal received corresponds to any of the content on the memorydevice 104. In an example, when content is loaded on the memory device104 an associated voice recognition file corresponding to the loadedcontent can also be loaded onto the memory device 104. This associatedvoice recognition file can then be used to link the content to a voicesignal during voice recognition. Furthermore, in some example, gesturerecognition can be used to send commands to the dock 108. The dock 108can have a camera, infrared, thermal sensor, or other device coupledthereto or to an external device 307 in order to identify the gesturesof the user 102.

FIG. 8 illustrates an example of a memory device 104 coupled to a dock108. As discussed above, the memory device 104 can include advertisingcontent 710 for a user 102 associated with the dock 108. The memorydevice 104 can also include a plurality of items of content 706, 708including user selected content 706 and extra content 708 added to thememory device 104 based on a user history. Each item of content 706, 708can be encrypted with a shared key, and different items 706, 708 can beencrypted with different shared keys. The memory device 104 can alsoinclude the shared keys 802 corresponding to the content 706, 708. Thememory device 104 can also include user information 804 as discussedabove. Additionally, the memory device 104 can include meta-data 806related to the items of content 706, 708. In an example, the meta-datacan include voice recognition information relating to the content asdiscussed above. The memory device 104 can be encrypted with a firstunique key that corresponds to the first unique key of the dock 108.

Accordingly, the dock 108 can provide the first unique key to the memorydevice 104. The memory device 104 can receive the first unique key andsince the first unique key matches the unique key used to protect thememory device 104, the memory device 104 can unlock and provide the dock108 access to the data 710, 706, 708, 802, 804 on the memory device 104.The dock 108 can use the shared keys 802 to decrypt and access the itemsof content 706, 708. The dock 108 can also add advertising content 710as appropriate. Additionally, the dock 108 can store user information804 in the memory device 104.

FIG. 9 illustrates generally another example of a system 900 formanaging and distributing content to a plurality of users 102. System900 operates similar to system 100 as described above with respect toFIG. 5. Similar to method 500, a user 102 can make selections of contentfor loading onto a memory device 104 (block 502). In system 100,however, the content for a memory device 104 is loaded onto the memorydevice 104 by streaming the content from the fulfillment system 106 to adock 108 over a network (e.g., the internet). Once the content isreceived at the dock 108 the content can be stored on the memory device104 coupled to the dock 108. In an example, the content can be streamedusing the shared key encryption for each item of content as discussedabove. Once the content is received by the dock 108, the content can bestored on the memory device 104 which is protected with a unique keycorresponding to the dock 108. In an example, the shared keyscorresponding to each item of content can be provided to the dock 108 ata previous time. In an example, these shared keys are not streamed overthe internet to the dock 108. In an example, these shared keys arestored on the memory device 104 by, for example, the fulfillment system106 and the memory device 104 is mailed to the user 102. Accordingly,the shared keys can be accessible by the dock 108 without being sentover the internet. Additionally, a catalog of shared keys available to adock 108 can be updated over time as memory devices 104 are returned tothe fulfillment system and sent to the user 102. In another example, theshared keys are incorporated into the dock 108 during manufacture of thedock 108.

Accordingly, the content can be securely transported and stored by beingsent from the fulfillment server 400 to a secure device (e.g., the dock108 having a unique key and a tamperproof case 313). Additionally, oncethe content is stored, the content is still secure from copying sincethe content is stored on the memory device 104 that is protected with aunique key. Accordingly, when the memory device 104 is de-coupled fromthe dock 108, the memory device 104 is encrypted protecting the contentthereon. In system 900, therefore, the dock 108 functions as both acontent access device for accessing content on the memory device 104 andas a content loading device by receiving content from the fulfillmentsystem 106 over the internet and loading the content onto a memorydevice 104. Accordingly, the memory device 104 can be securely loadedfrom a remote location with respect to the fulfillment system 106.

In another example, the fulfillment system 106 can stream the contentfor a user to a remote kiosk 902 having one or more memory devices 104located therein. The remote kiosk 902 can act as a loading device forthe memory device 104 and can extract user information from the memorydevice 102 to provide to the fulfillment system 106. In some examples, aremote kiosk 902 can operate similar to a cabinet 414 in the fulfillmentsystem 106 except that the remote kiosk is located remotely from thefulfillment system 106 and communicatively coupled to the fulfillmentsystem 106 via a network (e.g., the internet).

In an example, the remote kiosk 902 can be located in a store or otherlocation that is readily accessible by a user. In an example, the remotekiosk 902 can include at least one processing device coupled to a memoryhaving instructions thereon for execution by the at least one processingdevice. The remote kiosk 902 can also include an input device forreceiving information from a user, and a port configured to couple to amemory device 104. In an example, the input device can include atouchscreen, keyboard, and/or a mouse. In some examples, the user canpick out a memory device 104 from the store and couple the memory device104 to the remote kiosk 902 via the port. In other examples, the remotekiosk 902 can be set up as a vending machine where one or more memorydevices 104 are internal to the remote kiosk 902 and the user can selecta memory device 104 for use. The remote kiosk 902 can also include acommunication circuit for communicating with the fulfillment system 106.

In an example, a plurality of memory devices 104 can be pre-loaded withdigital content (e.g., by the fulfillment system 106) and delivered to alocation (e.g., a store) nearby the kiosk 902. Different memory device104 can have different content such that a user can select a particularmemory device 104 in order to access the content thereon. For example, afirst memory device 104 can include music from the 1960s and a secondmemory device 104 can include the seasons of the Simpsons. In someexamples, where the kiosk 902 is a vending machine, the memory devices104 can be loaded into the kiosk 902. In any case, the pre-loaded memorydevices 104 can be selected by a user for purchase or rent. When amemory device 104 is not internal to the kiosk 902, the memory device104 can be manually coupled to the kiosk 902 by the user via the port.When a memory device 104 is internal to the kiosk 902, the memory device104 can be coupled to the port by the kiosk 902 or can be alreadycoupled to a port when loaded into the kiosk 902. When memory devices104 are internal to the kiosk 902, the user can provide a selection ofwhich memory device 104 he or she would like to select.

In any case, once a memory device 104 is coupled to the kiosk 902, thekiosk 902 can receive an indication of a dock to which the memory device104 is to be coupled. The indication can be received from a user via theinput device. In an example, the indication can include useridentification information (e.g., user name, user account info, etc.).Based on this user information, the kiosk 902 can protect (e.g.,encrypt) the memory device 104 with a unique key corresponding to a dock108 of the user. In an example, the kiosk 902 can look-up the unique keycorresponding to the dock 108 via a database that links the unique keyto the dock or the user account or both. Thus, the user can select aparticular memory device 104 based on the content pre-loaded on thememory device 104 and the kiosk 902 can protect the memory device 104for use by a dock corresponding to the user.

In an example, the kiosk 902 can maintain a local database linking theunique key with a user account, dock, or both. This database can, forexample, be updated by communicating with a server (e.g., in thefulfillment system 106). In other examples, the kiosk 902 can send arequest to a server (e.g., in the fulfillment system 106) for the uniquekey corresponding to the indication of a dock received at the kiosk 902.The kiosk 902 can send an indication of a dock to the server in therequest. The server can look-up the unique key corresponding to the dockin a database at the server. The server can then send the unique keyback to the kiosk 902, and the kiosk 902 can use the unique key toprotect the memory device 104.

In an example, the kiosk 902 can also load digital content onto thememory device 104. The digital content can be selected by the user orcan be selected by the kiosk 902 or fulfillment system 106. In anexample, the user can select digital content via the input device of thekiosk 902. The kiosk 902 can then load the selected content on thememory device 104. The content can be stored locally on the kiosk 902 orcan be downloaded from the fulfillment system 106. In an example, theuser can pre-select content for loading by the kiosk 902. For example,the use can provide content selections (e.g., via a webpage, phone,etc.) to the fulfillment system 106 and select a kiosk 902 (e.g., vialocation) at which the user will load the content onto a memory device104. The fulfillment system 106 can then communicate with the selectedkiosk 902 and provide the selected content for download to the selectedkiosk 902. The selected kiosk 902 can then download the content andstore the content locally until the user accesses the kiosk 902 to loadthe content onto a memory device 104. In some examples, the kiosk 902could also pre-protect the content such that the user can simply inputidentification information and the kiosk 902 could provide a protectedmemory device 104 corresponding to a dock of the user and the memorydevice 104 can have selected content loaded thereon.

As an extension of the fulfillment system 106, the content loaded ontothe memory device 104 at the kiosk 902 can include any of the contentdescribed above. For example, the content can include videos, movies,advertising content, product information, medical records/information,etc. In particular, the kiosk 106 can load product information (e.g., aproduct catalog) and associated information. If the memory device 104 isbeing returned or re-loaded from a user 102, any product selection(purchase) information on the memory device 104 can be downloaded ontothe kiosk 902 and forwarded to the appropriate retailer/vendor.

In some examples, the stream from the fulfillment system 106 to the dock108 and/or remote kiosk 902 can be limited in speed (e.g., amount ofdata per time). In an example, the speed limit can be based on a speedthat the data is to be provided to a user 102. For example, some itemsof content (e.g., a movie, song) are to be displayed, sound produced, orotherwise provided in a sequence over a certain time interval. In thesesituations, the speed can be limited to at or near the speed at whichthe data is to be provided to a user 102. For example, contentcorresponding to a movie could be provided to the dock 108 and/or remotekiosk 902 at or near the speed that the content is to be rendered on adisplay at the external device 307. Accordingly, even if a connection tothe dock 108 could support higher speeds of data transfer, the datatransfer speed could be limited. Limiting the speed of streaming canreduce the likelihood of the content being used in an unauthorizedmanner, because even if someone identified a way to make unauthorizedcopies of the stream, they would be limited to copying the data at aslower speed. Accordingly, the appeal of copying the stream may belessened since it would take long periods of time to copy large amountsof data.

Additionally, in some examples, to further protect the content fromunauthorized copying, the content streamed over the internet can besegmented and loaded over a period of time. For example, a first segmentcan be sent at a first time, with a break between the first segment anda second segment which is sent at a second time. The times for sendingeach segment can be random to further reduce the likelihood of copyingof the data. Accordingly, the memory device 104 could be “trickle”loaded over a period of time.

In some examples, the dock 108 can provide an error code when the dock108 malfunctions. For example, if the tamperproof case 313 is breachedon the dock 108, the dock 108 can provide a first code, if a hardwarecomponent on the dock 108 malfunctions, the dock 108 can provide asecond code. In an example, a combined code can be provided by the dock108. The combined error code comprises multiple codes corresponding tomultiple different errors that are concatenated together. If a dock 108malfunctions, the user 102 can call or otherwise access a customerservice for the dock 108 and the user 102 can provide the customerservice with the error code. Advantageously, when the error code is acombined code, the user 102 can provide the customer service with asingle code for all errors.

In an example, the content distribution and management system 100 can beused to securely send content from one user 102 to another user 102. Forexample, a first user 102 can load content onto a memory device 104coupled with a first dock 108. The first user 102 can then de-couple thememory device 104 from the first dock 108. Since the memory device 104is protected with a unique key corresponding to the first dock 108, whenthe memory device 104 is de-coupled from the first dock 108, the memorydevice 104 is locked. The first user 102 can then send the memory device104 to the fulfillment system 106. The first user 102 can also providean indication of where to send (e.g., to the second user 102) thecontent on the memory device 104 from the fulfillment system 106. In anexample, this indication of where to send the content can be loaded asuser information on the memory device 104. In some examples, the firstuser 102 can also provide an indication of which content on the memorydevice 104 to send to the second user 102.

The fulfillment system 106 can receive the memory device 104, link thememory device 104 to the first user 102 and unlock the memory deviceusing the unique key corresponding to the first user 102. Thefulfillment system 106 can then prepare a memory device 104 for thesecond user 102 having the content provided by the first user 102thereon. In an example, the fulfillment system 106 can use the memorydevice 104 returned from the first user 102 by removing and/or addingcontent to/from other entities to the memory device 104 andre-protecting the memory device 104 with the unique key corresponding tothe second user 102 (e.g., a second user account). In another example,the fulfillment system 106 can load the content from the first user 102onto another memory device 104 (possibly in conjunction with othercontent) and the fulfillment system 106 can protect the another memorydevice 106 with the unique key corresponding to the second user 102. Thefulfillment system 106 can then send the memory device 104 protectedwith the unique key corresponding to the second user 102 to the seconduser 102. The second user 102 after receiving the memory device 104 canunlock the memory device 104 with a dock 108 having the unique keyassociated with the user 102 and the user 102 can access the contentfrom the first user 102.

Accordingly, content from a first user 102 can be securely sent from thefirst user 102 to the second user 102 without anyone else being able tode-crypt the content. This process can be carried out on a large scalesuch that a plurality of users 102 could send content to one anotherusing unique keys associated with each user 102 (e.g., user account) andusing the fulfillment system 106 as an intermediary between users.Additionally, a user 102 can instruct the fulfillment system 106 to sendcontent to multiple users 102 in the same manner. Accordingly, onlyusers 102 to which the content is sent are able to decrypt and accessthe content.

Additional Notes

The above detailed description includes references to the accompanyingdrawings, which form a part of the detailed description. The drawingsshow, by way of illustration, specific embodiments in which theinvention can be practiced. These embodiments are also referred toherein as “examples.” Such examples can include elements in addition tothose shown or described. However, the present inventors alsocontemplate examples in which only those elements shown or described areprovided. Moreover, the present inventors also contemplate examplesusing any combination or permutation of those elements shown ordescribed (or one or more aspects thereof), either with respect to aparticular example (or one or more aspects thereof), or with respect toother examples (or one or more aspects thereof) shown or describedherein.

All publications, patents, and patent documents referred to in thisdocument are incorporated by reference herein in their entirety, asthough individually incorporated by reference. In the event ofinconsistent usages between this document and those documents soincorporated by reference, the usage in the incorporated reference(s)should be considered supplementary to that of this document; forirreconcilable inconsistencies, the usage in this document controls.

In this document, the terms “a” or “an” are used, as is common in patentdocuments, to include one or more than one, independent of any otherinstances or usages of “at least one” or “one or more.” In thisdocument, the term “or” is used to refer to a nonexclusive or, such that“A or B” includes “A but not B,” “B but not A,” and “A and B,” unlessotherwise indicated. In the appended claims, the terms “including” and“in which” are used as the plain-English equivalents of the respectiveterms “comprising” and “wherein.” Also, in the following claims, theterms “including” and “comprising” are open-ended, that is, a system,device, article, or process that includes elements in addition to thoselisted after such a term in a claim are still deemed to fall within thescope of that claim. Moreover, in the following claims, the terms“first,” “second,” and “third,” etc. are used merely as labels, and arenot intended to impose numerical requirements on their objects.

Method examples described herein can be machine or computer-implementedat least in part. Some examples can include a computer-readable mediumor machine-readable medium encoded with instructions operable toconfigure an electronic device to perform methods as described in theabove examples. An implementation of such methods can include code, suchas microcode, assembly language code, a higher-level language code, orthe like. Such code can include computer readable instructions forperforming various methods. The code may form portions of computerprogram products. Further, the code can be tangibly stored on one ormore volatile or non-volatile tangible computer-readable media, such asduring execution or at other times. Examples of these tangiblecomputer-readable media can include, but are not limited to, hard disks,removable magnetic disks, removable optical disks (e.g., compact disksand digital video disks), magnetic cassettes, memory cards or sticks,random access memories (RAMs), read only memories (ROMs), and the like.

The above description is intended to be illustrative, and notrestrictive. For example, the above-described examples (or one or moreaspects thereof) may be used in combination with each other. Otherembodiments can be used, such as by one of ordinary skill in the artupon reviewing the above description. The Abstract is provided to complywith 37 C.F.R. §1.72(b), to allow the reader to quickly ascertain thenature of the technical disclosure. It is submitted with theunderstanding that it will not be used to interpret or limit the scopeor meaning of the claims. Also, in the above Detailed Description,various features may be grouped together to streamline the disclosure.This should not be interpreted as intending that an unclaimed disclosedfeature is essential to any claim. Rather, inventive subject matter maylie in less than all features of a particular disclosed embodiment.Thus, the following claims are hereby incorporated into the DetailedDescription, with each claim standing on its own as a separateembodiment, and it is contemplated that such embodiments can be combinedwith each other in various combinations or permutations. The scope ofthe invention should be determined with reference to the appendedclaims, along with the full scope of equivalents to which such claimsare entitled.

1. A method of protecting digital content at a kiosk, the methodcomprising: providing a plurality of memory devices, the plurality ofmemory devices having pre-loaded content thereon; receiving a selectionfrom a user; selecting a memory device from the plurality of pre-loadedmemory devices that matches the selection from the user; determining adock to which the memory device is to be coupled; and protecting thememory device with a unique key corresponding to the dock.
 2. The methodof claim 1, wherein determining a dock includes receiving an indicationof a dock to which the memory device is to be coupled from a useraccessing the kiosk.
 3. The method of claim 1, wherein the selectionfrom the user indicates the memory device that is to be coupled to thedock.
 4. The method of claim 1, wherein the selection from a usercorresponds to content that matches content on the memory device.
 5. Themethod of claim 1, comprising: using a fulfillment server to pre-loadcontent onto the plurality of pre-loaded memory devices; and deliveringthe plurality of pre-loaded memory device to a location nearby thekiosk.
 6. The method of claim 1, comprising: loading additional contentonto the memory device.
 7. The method of claim 1, comprising: receivinga selection from the user indicating additional content to load onto thememory device, wherein loading additional content includes loadingcontent corresponding to the selection from the user.
 8. The method ofclaim 1, wherein loading additional content includes loading contentselected by one of the kiosk or a fulfillment system.
 9. The method ofclaim 1, wherein the plurality of memory devices include memory deviceswith different pre-loaded content.
 10. A method of protecting digitalcontent at a kiosk, the method comprising: providing a plurality ofmemory devices, wherein at least a subset of the plurality of memorydevices have pre-loaded content thereon; receiving a selection ofcontent from a user; selecting one or more of the plurality of memorydevices as a function of the selection of content from the user, whereinselecting includes if the selection of content from the user matchescontent on one of the at least a subset of memory devices, selecting theone of the at least a subset of memory devices having pre-loaded contentthereon; if the selection of content from the user does not matchcontent on one of the at least a subset of memory devices, selecting oneof the plurality of memory devices and loading content corresponding tothe selection on the one of the plurality of memory devices; receivingan indication of a dock to which the selected memory device is to becoupled, the indication received from a user accessing the kiosk; andprotecting the selected memory device with a unique key corresponding tothe dock.
 11. The method of claim 10, wherein the plurality of memorydevices include memory devices with different pre-loaded content.
 12. Akiosk comprising: a plurality of memory devices, the plurality of memorydevices having pre-loaded content thereon; at least one processingdevice; a memory coupled to the at least one processing device, whereinthe memory includes instructions which, when executed by the one or moreprocessors, cause the one or more processors to: receive a selectionfrom a user; select a memory device from a plurality of pre-loadedmemory devices that matches the selection from the user; determine adock to which the memory device is to be coupled; and protect the memorydevice with a unique key corresponding to the dock.
 13. The kiosk ofclaim 12, wherein the selection from the user indicates the memorydevice that is to be coupled to the dock.
 14. The kiosk of claim 12,wherein the selection from a user corresponds to content that matchescontent on the memory device.
 15. The kiosk of claim 12, wherein theinstructions cause the one or more processors to: load additionalcontent onto the memory device based on the dock and corresponding userto which the memory device is to be coupled.
 16. The kiosk of claim 12,wherein the instructions cause the one or more processors to: receive aselection from the user indicating additional content to load onto thememory device, wherein loading additional content includes loadingcontent corresponding to the selection from the user.
 17. The kiosk ofclaim 12, wherein the at least a subset of memory devices include memorydevices with different pre-loaded content.
 18. The kiosk of claim 12,wherein determine a dock includes receive an indication of a dock towhich the memory device is to be coupled from a user accessing thekiosk.
 19. The kiosk of claim 12, wherein the instructions cause the oneor more processors to: download product selection information from amemory device being returned from a user, the product selectioninformation corresponding to a product to be purchased by a user thatwas selected while the memory device was coupled to a dock; and send theproduct selection information over the internet to an appropriate entityfor purchase of the product by the user.
 20. The kiosk of claim 19,wherein the instructions cause the one or more processors to: update aproduct catalog stored on the memory device.